Content Count

Joined

Last visited

Community Reputation

About doxer

I can't decide if it's a new rule, or a corollary to Rule #3, but I'd like to suggest the following:
Spammers follow the rule that "If it doesn't work, do it more"
If sending 100 messages didn't sell any pills, send 100,000. If a botnet of 1000 machines failed to relay mail through someone's server successfully, deploy one with 10,000. And so on.
Some of this is related to the economics of spam: when you're dealing with success rates that are tiny fractions of a percent, increasing the volume is the only way to break even. But some of it just looks like idiocy.

I use one domain as a spamtrap domain. Robots that visit the website associated with the domain get handed a unique bogus email address; mails to that address are logged and analyzed.
Apparently the Russians are big on web-scraping, because most of the spam captured in this way is either in Russian or is typical of Russian-managed botnets (i.e. pharmacy spam). There are a handful of the other usual suspects, such as CEO Sales Solution and advertise-bzs.net, but mostly there's not much variety.
A certain amount of spam gets sent not to one of the machine-generated 'trap' addresses, but to addresses at the domain that consist of strings of seemingly random letters and numbers. My initial assumption was that these were pieces of message IDs that had been mistaken for email addresses by braindead list-builder software.
However, I'm currently seeing a tidal wave of spam pumping a penny stock with the symbol PRFC, sent to literally thousands of these non-existent random addresses (a fair amount of PRFC spam also hits 'real' addresses both on this domain and others). It starts to look less like bad de-munging and more as if the spammer is deliberately generating and targeting nonsense addresses.
My question is, what's the point? Most domains will have their catchall email address disabled. The addresses generated in this way are so oddly-formed that there's almost no chance that they'll somehow discover a real address. Or is this just what happens when you take the infinite monkeys with their infinite typewriters off the task of writing Shakespeare and set them to sending stock spam?
Thoughts, observations, insights would be welcome.

Your best hope might be to report it to bit.ly then. I've found them to be pretty responsive in the past, although in most cases all they'll do is to route the URL to a warning interstitial page, rather than remove the link entirely.
If you go to http://bit.ly/ and scroll down, you'll find a 'Contact' link in the bottom left corner of the page. There's a 'Report Abuse' option on the contact form that appears.
Incidentally, bit.ly is one of the only URL shortening services I've discovered that seems to care at all about spam. Others are mostly indifferent or uncontactable. There are a number of shortening services that look as if they were built by someone who was playing around with PHP, hacked together a URL shortener on a wet Saturday morning, put it on a server and promptly forgot about it. It still works and the spammers love it, but good luck trying to get anyone to take any interest in it.

The spammer ... pardon me, the alleged spammer ... ;-) ... has not sent any additional threats. However, their first message said, in effect, 'you have X days to comply', and X is not up yet. I may get a message saying "OK, here comes the lawsuit" in a few days time once the deadline passes.
Their initial message was, I suspect, written without the help of a lawyer - it's full of the kind of pseudo-legalese that you see when non-lawyers are trying to sound legal, and contains some bonus predictions of various dire things that could happen to me ("... failure to comply by the party of the first part may constitute barratry and connivance under the Canals & Watersheds Act of the State of Pennsylvania [1879], the maximum penalty for which shall be forfeiture of income, confinement in the pillory and being eaten by wolverines". OK, I made that up, but that's the general idea), apparently in an attempt to frighten me into doing what they want.
My guess is that they have not consulted a lawyer and that if they did consult one, s/he would quickly tell them that they didn't have a case. In that case, depending on how strongly they feel about it, I may get a few more pseudo-legal threats before they get bored, but that's all.
The worst-case scenario is that they decide to push it, and that they find the kind of lawyer who says "Sure, I'll take your money", no matter how weak the case. Said lawyer would then arrange to sue me in some plaintiff-friendly jurisdiction arguing malicious damage to their client's spotless reputation, and I'd have to decide whether to fight it on general principles or not. It looks to me as if I would have a number of very valid defenses against any charge that they might come up with, but for obvious reasons I'd rather that it didn't go that far.
"Of course I've got lawyers. They are like nuclear weapons: I've got 'em 'cause everyone else has. But as soon as you use them they screw everything up." [Danny de Vito, "Other People's Money"]
True, that.
I may send them the boilerplate message that I send when someone complains, explaining exactly why they're mentioned on my site and including sample messages. In the past, simply demonstrating that I keep a file of evidence has been quite effective in causing other spammers to back down. But in this case, it might just be a case of gasoline on the fire.

I run a blog on which I record spam that I receive. The majority of the records I post simply say something like "We have received spam that appears to promote domain X". I am very careful not to say that X is a spammer, unless I have solid evidence to that effect.
Periodically, an (alleged) spammer will notice that my page naming his business or domain ranks rather high in Google searches related to his company and gets upset. In my experience, companies who didn't know that what they were doing was spam tend to be polite and contrite: when someone goes utterly ballistic and starts spewing legal threats, it's a pretty safe sign that they're a hardcore spammer. Also, usually, that they're bluffing.
I've recently received such a message from one individual threatening to drag me, my officers, executives, minor children and domestic livestock into court unless I instantly remove my 'slanderous defamation' of him and his business. (The said 'slanderous defamation' consists of a page listing some of his domains, and a note that I have received unsolicited email advertising those domains).
Incidentally, this is another case of "the louder they scream, the spammier they are" - I hadn't previously paid attention to this guy, but now that I've looked into it, I've discovered a ton of comment spam promoting his business.
So my question is: does anyone have any informed opinion on what is permissible when publicly outing (alleged) spammers? I confine myself to statements of provable fact concerning email received; I even take care to include a disclaimer to the effect that the receipt of spam does not prove that it was sent by the owner of the domain or business. But could a clever lawyer (assuming that the spammer has one - and, in this case, reading his tirade, I'm pretty sure he doesn't) still make the case that a bald statement of fact constituted defamation or libel?
Is there any case law or precedent that anyone can point me to?